Adware.AnySend, Linkury

Adware.AnySend

 

*file
C:\Users\{USERNAME}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnySend\AnySend.lnk
C:\Users\{USERNAME}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnySend\AnySend Show Tutorial.lnk
C:\Users\{USERNAME}\AppData\Roaming\Microsoft\Windows\SendTo\AnySend.lnk
C:\Users\{USERNAME}\AppData\Roaming\AnySend\VidPlays.dat
C:\Users\{USERNAME}\AppData\Roaming\AnySend\AnySend.ini
C:\Users\{USERNAME}\AppData\Local\nsx1489.tmp
C:\ProgramData\AnySend\Vids.dat
C:\ProgramData\AnySend\EmailChecks.dat
C:\ProgramData\AnySend\AnySend.DB
C:\ProgramData\AnySend\ann.dat
C:\Program Files\AnySend\upnp.dll
C:\Program Files\AnySend\libcef.dll
C:\Program Files\AnySend\LastVersion
C:\Program Files\AnySend\icudt.dll
C:\Program Files\AnySend\AnySendUI.exe
C:\Program Files\AnySend\AnySendSvc.exe
C:\Program Files\AnySend\AnySendShellExtension.dll
C:\Program Files\AnySend\anysend.guid


*reg_key
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61628E2A-4FF9-4454-992D-D92A8CD27399}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61628E2A-4FF9-4454-992D-D92A8CD27399}
HKLM\SOFTWARE\AnySend
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AnySend
HKLM\SOFTWARE\Classes\AnySend.Connect
HKLM\SOFTWARE\Classes\AnySend.Connect.1
HKLM\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}
HKLM\SOFTWARE\Classes\TypeLib\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\AnySend
HKLM\SOFTWARE\Classes\Installer\Products\FEEB8747424601D48A2B3A21A6792C5D
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61628E2A-4FF9-4454-992D-D92A8CD27399}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{94d6ddcc-4a68-4175-a374-bd584a510b78}\TasksNoItemsSelected\0\{E62B1C26-6A93-4f32-9115-FEB90FE0ABB5}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03B1FD3D9EB1B7258BA823782D8AC1F2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F513C3EAFB34385396D93AABEA92496
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8B71494166839950940A644E713021C
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FEEB8747424601D48A2B3A21A6792C5D
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{61628E2A-4FF9-4454-992D-D92A8CD27399}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7478BEEF-6424-4D10-A8B2-A3126A97C2D5}
HKLM\SYSTEM\CurrentControlSet\Services\AnySendService
HKLM\SOFTWARE\Classes\Interface\{AF31E0EB-48CF-4A3B-893F-E999A0E29944}


*reg_val
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | AnySend User Interface
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DDE74799-1548-4DA3-88EB-2E3C76EBA0AC}
HKCU\SOFTWARE\Microsoft\Internet Explorer\Approved Extensions | {61628E2A-4FF9-4454-992D-D92A8CD27399}
 

 

Adware.Linkury

 

*file
C:\ProgramData\pangoc\pangoc.exe
C:\ProgramData\pangoc\tophome.dll
C:\ProgramData\pangoc\indigocof.dll
C:\ProgramData\pangoc\lightsing.exe
C:\ProgramData\pangoc\tanaphome.exe
C:\ProgramData\pangocs\snp.sc
C:\ProgramData\pangoc\airquadsoft.dat